
Reject NUL bytes in HTTP request lines#832

Open
andrewkernel wants to merge 1 commit into
cherrypy:mainfrom
andrewkernel:fix-null-byte-request-line

Conversation

@andrewkernel


Summary

  • reject request lines containing NUL bytes with a 400 Bad Request response
  • add a regression test covering a request line with an embedded NUL byte

Testing

  • python -m pytest --no-cov -n 0 cheroot/test/test_core.py -k null_byte_in_request_line

Note: the targeted test passed in the workspace, but pytest emitted a cache-permission warning in this sandbox after completion.

@read-the-docs-community


Documentation build overview

📚 cheroot | 🛠️ Build #33334420 | 📁 Comparing 0f32bcb against latest (3937fe1)


6 files changed · ± 6 modified


@codecov

codecov Bot commented Jun 27, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.05%. Comparing base (3937fe1) to head (0f32bcb).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #832      +/-   ##
==========================================
- Coverage   78.15%   78.05%   -0.10%     
==========================================
  Files          41       41              
  Lines        4788     4799      +11     
  Branches      547      548       +1     
==========================================
+ Hits         3742     3746       +4     
- Misses        906      912       +6     
- Partials      140      141       +1     

@julianz- julianz- left a comment


Thanks for this PR. Looks useful but see inline comments. Also in the PR description you did not use the standard template that makes clear what you have and have not addressed.

Comment thread cheroot/test/test_core.py

def test_null_byte_in_request_line(test_client):
    """Check that NUL bytes in the request line return Bad Request."""
    c = test_client.get_connection()


Let's use descriptive vars rather than single characters. conn would be better here.

Comment thread cheroot/server.py

try:
    method, uri, req_protocol = request_line.strip().split(SPACE, 2)
    if b'\x00' in request_line:


Better to check for null bytes before doing any parsing. Suggest moving this above request_line.strip().split(SPACE, 2)
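An added example, not cheroot's code and not part of this PR: a minimal request-line parser that performs the NUL-byte check before strip()/split(), as the review above suggests, so no parsing step ever sees a URI with an embedded NUL, and maps every failure to a 400 status. The names SPACE, parse_request_line and respond, and the sample request lines, are assumptions made for this example.

```python
"""Request-line validation: reject NUL bytes before any parsing.

Added example, not cheroot's own code.  A request line containing a
NUL byte is answered with 400 Bad Request; the check runs before the
method/URI/protocol split so the parser never handles such input.
"""
from dataclasses import dataclass

SPACE = b' '      # assumed name, mirrors the constant used in the review snippet
NUL = b'\x00'


@dataclass
class ParsedRequestLine:
    method: bytes
    uri: bytes
    protocol: bytes


class RequestLineError(Exception):
    """Raised for a request line the server must reject; carries the HTTP status."""

    def __init__(self, status: int, reason: str) -> None:
        super().__init__(reason)
        self.status = status


def parse_request_line(request_line: bytes) -> ParsedRequestLine:
    """Parse ``method SP uri SP protocol``; raise RequestLineError(400, ...) on bad input."""
    # Reject NUL bytes first, before strip()/split(), so that a line such as
    # b'GET /index.html\x00.txt HTTP/1.1' is never turned into a URI value.
    if NUL in request_line:
        raise RequestLineError(400, 'NUL byte in request line')
    try:
        method, uri, req_protocol = request_line.strip().split(SPACE, 2)
    except ValueError:  # fewer than three fields
        raise RequestLineError(400, 'Malformed Request-Line') from None
    return ParsedRequestLine(method, uri, req_protocol)


def respond(request_line: bytes) -> int:
    """Return the status a server would send for this request line (200 if it parses)."""
    try:
        parse_request_line(request_line)
    except RequestLineError as exc:
        return exc.status
    return 200


if __name__ == '__main__':
    # Constructed sample inputs: one clean line, one with an embedded NUL byte.
    for line in (b'GET / HTTP/1.1\r\n', b'GET /index.html\x00.txt HTTP/1.1\r\n'):
        print(line, '->', respond(line))
```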
